HTTP Enumeration

Target Host IP: 10.0.0.20

Brute Forcing using DirBuster

1. Start the dirbuster and set the options.

Note:

  1. The wordlist can be found locally or downloaded from the Internet.

OR  Dirbuster-ng big wordlist dowload site:https://github.com/digination/dirbuster-ng/tree/master/wordlists

2. Progress in sacanning.

3. Scan result tree. We may find some interesting things here.

4.Open the test.php in browser, and review the source code.

Brute Forcing using nikto

1. Scan the target port 80(http).

nikto -h 10.0.0.20

2. Scan the target port 443(https).

nikto -h 10.0.0.20:

OSCP Learning Notes - Enumeration(2)的更多相关文章

  1. OSCP Learning Notes - Enumeration(4)

    DNS Enumeration 1. Host Tool host is a simple utility for performing DNS lookups. It is normally use ...

  2. OSCP Learning Notes - Enumeration(3)

    SMB Enumeration 1. Set the smb configurations. locate smb.conf vim /etc/samba/smb.conf Insert the gl ...

  3. OSCP Learning Notes - Enumeration(1)

    Installing Kioptrix: Level 1 Download the vm machine form https://www.vulnhub.com/entry/kioptrix-lev ...

  4. OSCP Learning Notes - Overview

    Prerequisites: Knowledge of scripting languages(Bash/Pyhon) Understanding of basic networking concep ...

  5. OSCP Learning Notes - Buffer Overflows(3)

    Finding Bad Characters 1. Find the bad charaters in the following website: https://bulbsecurity.com/ ...

  6. OSCP Learning Notes - Buffer Overflows(2)

    Finding the Offset 1. Use the Metasploite pattern_create.rb tool to create 5900 characters. /usr/sha ...

  7. OSCP Learning Notes - Buffer Overflows(1)

    Introduction to Buffer Overflows Anatomy of Memory Anatomy of the Stack Fuzzing Tools: Vulnserver -  ...

  8. OSCP Learning Notes - Netcat

    Introduction to Netcat Connecting va Listening Bind Shells Attacker connects to victim on listening ...

  9. OSCP Learning Notes - Scanning(2)

    Scanning with Metasploite: 1. Start the Metasploite using msfconsole 2. search modules 3.Choose one ...

随机推荐

  1. Eclipse设置断点无效、无法拦截请求进行Debug调试

    场景: 在Eclipse中添加Debug断点,从后台页面中点击修改按钮提交数据,发现打断点的地方并没有拦截到请求,接下来对此情况的进行分析. 分析: * 如果页面是根据业务需求复制别的相似html页面 ...

  2. 《Java并发编程的艺术》第6/7/8章 Java并发容器与框架/13个原子操作/并发工具类

    第6章 Java并发容器和框架 6.1  ConcurrentHashMap(线程安全的HashMap.锁分段技术) 6.1.1 为什么要使用ConcurrentHashMap 在并发编程中使用Has ...

  3. SpringMVC整合mybaitis

    目录 一.新建一个基于Maven的Web项目 二.创建数据库与表 三.添加依赖包 四.新建POJO实体层 五.新建MyBatis SQL映射层 六.完成Spring整合MyBatis配置 七.创建服务 ...

  4. python中列表,元组,字符串 互相转换

    #-*-coding:utf-8-*- #1.字典dict = {'name': 'Zara', 'age': 7, 'class': 'First'} #字典转为字符串,返回:<type 's ...

  5. gerapy 爬虫web调度可视化工具(基于scrapyd)

    web 基于scrapyd 提供主机管理功能 基于scrapyd管理已安装服务的主机. 进入具体主机管理页面,会自动加载所有已知爬虫任务: 可直接可以调度.运行.查看日志. 提供项目管理功能 将已知项 ...

  6. ant+jmeter+jenkins接口自动化测试一

    [Jmeter篇]jmeter+Ant+Jenkins接口自动化测试集成(一) 橙子探索测试发表于橙子探索测试订阅 90 一.简介 1.什么是ant? ant是构建工具,把代码从某个地方拿来,编译,再 ...

  7. Idea配置JRebel插件的详细配置及图解

    Idea最新JRebel插件的详细配置及图解 地址:https://blog.csdn.net/nyotengu/article/details/80629631#commentBox Ⅰ安装jreb ...

  8. Linux安装Redis 6.0.5 ./install_server.sh报错

    Linux安装Redis 6.0.5 ./install_server.sh报错 linux 安装Redis6.0.5时 进行到./install_server.sh时报错, This systems ...

  9. java命令行输入参数

    Java命令行输入参数 代码用例:命令行输入参数,并进行加法运算. public class Demo01 { public static void main(String[] args) { for ...

  10. express高效入门教程(1)

    1.hello world 1.1.安装express // 1.进入到自己的项目目录, 我这里是express-demo cd express-demo // 2.初始化项目,生成package.j ...